Privacy Policy

1. Introduction

SkinVaults ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Information from Steam

When you authenticate through Steam, we collect:

• Steam ID (SteamID64)
• Steam profile name
• Steam avatar image
• Public inventory data (skins, items)
• Public game statistics (if profile is public)
• Faceit player data (when available) - ELO, level, nickname, player ID
• Faceit CS2 statistics (when available) - K/D ratio, win rate, headshot percentage, KAST, matches, kills, deaths, assists, MVPs, and other performance metrics

Note: We only access publicly available information from your Steam profile. We do not access private inventory or profile data.

2.2 Information from Discord (Optional)

When you connect your Discord account (optional), we collect:

• Discord ID (unique identifier)
• Discord username (including discriminator if applicable)
• Discord avatar image
• Discord OAuth access token and refresh token (for sending direct messages)
• Token expiration timestamp
• Connection timestamp

Note: Discord tokens are stored securely and expire automatically. You can disconnect your Discord account at any time, which will remove all stored Discord data and active price trackers.

2.3 Information You Provide

• Wishlist items (stored locally in your browser and optionally synced to server)
• Currency preferences (EUR/USD, stored in browser localStorage)
• Price alert/tracker settings (target prices, conditions, stored in MongoDB database)
• Contact form submissions (name, email, message, images)
• Payment information (processed securely through Stripe - we do not store credit card details)
• Compare list items (stored locally in browser, max 2 items)
• Purchase history (Pro subscriptions and consumable purchases - stored in MongoDB)
• Consumable purchases (wishlist slots, Discord access, price scan boost, cache boost - stored in user_rewards database key)
• Chat messages (global chat messages and direct messages - stored in MongoDB)
• DM conversations (direct message threads between users - stored in MongoDB)
• DM invites (invitations to start direct message conversations - stored in MongoDB)
• Chat reports (reported messages with admin notes - stored in MongoDB)
• Admin actions (timeouts, bans, message deletions, pins - stored in MongoDB)

2.4 Automatically Collected Information

• First login timestamp (for new user bonus eligibility, stored in MongoDB)
• Pro subscription status and expiration dates (stored in MongoDB)
• Claimed bonus status (stored in MongoDB)
• Price alert trigger history (stored in MongoDB)
• Purchase history (all Pro and consumable purchases, including session IDs, amounts, timestamps, fulfillment status - stored in MongoDB)
• Failed purchase records (for admin review and manual fulfillment - stored in MongoDB)
• User rewards (consumable purchases like wishlist slots, Discord access, boosts - stored in MongoDB)
• Banned user list (Steam IDs that are banned from the Service - stored in MongoDB)
• Stripe test mode status (for payment testing - stored in MongoDB)
• Chat notification preferences (unread message counts, last check timestamps - stored in browser localStorage)
• Browser type and device information
• IP address (for security and analytics)
• Usage data (pages visited, features used, commands executed, chat activity)
• Price cache data (stored locally in browser for performance - Free: 30 min, Pro: 2 hours, Cache Boost: 1 hour)
• Dataset cache (item information from CS:GO API, stored locally in browser for 12-24 hours)
• Chat message cache (recent messages cached locally for faster loading - stored in browser localStorage)
• DM list cache (list of direct message conversations - stored in browser localStorage)

3. How We Use Your Information

We use the collected information for:

• Providing and maintaining the Service
• Displaying your inventory and statistics (Steam and Faceit)
• Processing Pro subscription payments
• Managing your account and preferences
• Enabling community chat and direct messaging
• Sending service-related communications
• Responding to your contact form submissions
• Moderating chat content and enforcing community guidelines
• Improving and optimizing the Service
• Detecting and preventing fraud or abuse
• Complying with legal obligations

4. Data Storage and Security

4.1 Storage Locations

• Browser LocalStorage:
  • Wishlist items (key: sv_wishlist_v1)
  • Currency preferences (key: sv_currency)
  • User session data (key: steam_user)
  • Price cache (key: sv_price_cache_v1)
  • Dataset cache (key: sv_dataset_cache_v1)
  • Compare list (key: sv_compare_list)
  • Chat message cache (key: sv_chat_cache)
  • DM list (key: sv_dm_list)
  • Chat notification data (key: sv_chat_notifications) - unread counts, last check times
• MongoDB:
  • Pro subscription data
  • First login timestamps
  • Claimed bonus flags
  • Discord connections
  • Price alerts/trackers
  • Purchase history
  • Failed purchases
  • User rewards
  • Banned Steam IDs
  • Stripe test mode status
  • Global chat messages
  • Direct messages
  • DM conversations
  • DM invites
  • Chat reports
  • Admin actions
• Stripe: Payment information (we do not store credit card details on our servers). Supports both production and test mode for payment testing.

4.2 Security Measures

We implement appropriate technical and organizational measures to protect your data:

• HTTPS encryption for all data transmission
• Secure authentication through Steam OpenID
• Access controls and authentication for admin functions
• Regular security updates and monitoring

5. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

• Steam: For authentication and accessing your public profile data, inventory, and statistics
• Faceit: For fetching player statistics, ELO, and CS2 performance data (subject to Faceit's privacy policy)
• Discord: For sending price alert notifications via direct messages and enabling bot commands (subject to Discord's privacy policy)
• Pusher: For real-time chat updates via WebSocket connections (subject to Pusher's privacy policy)
• Stripe: For payment processing (subject to Stripe's privacy policy)
• Coolify / Hetzner: For hosting and infrastructure
• MongoDB: For database storage
• Email Service Providers: For sending contact form emails (Resend, SMTP providers)
• Proxy Services: ScraperAPI, ZenRows, ScrapingAnt for accessing Steam Community Market data
• steamid.io: For resolving Steam usernames to Steam64 IDs
• CORS Proxy Services: corsproxy.io, api.allorigins.win for accessing external APIs

We may also disclose information if required by law or to protect our rights and safety.

6. Cookies and Local Storage

We use browser localStorage (not cookies) to store:

• Your Steam authentication session (Steam ID, profile name, avatar)
• Wishlist items (optionally synced to server for cross-device access)
• Currency preferences (EUR/USD)
• Price cache data (cached market prices for performance - Free: 30 min, Pro: 2 hours)
• Dataset cache (item information from CS:GO API - cached for 12-24 hours)
• Compare list (items selected for comparison, max 2 items)
• Chat message cache (recent messages for faster loading)
• DM list (list of direct message conversations)
• Chat notification data (unread message counts, last check timestamps)

This data is stored locally in your browser and is not transmitted to our servers except when necessary for the Service to function (e.g., wishlist sync, price alerts). You can clear this data at any time by clearing your browser's localStorage.

7. Third-Party Services

Our Service integrates with third-party services that have their own privacy policies:

• Steam: Steam Privacy Policy
• Faceit: Faceit Terms of Service
• Discord: Discord Privacy Policy
• Pusher: Pusher Privacy Policy
• Stripe: Stripe Privacy Policy
• MongoDB: MongoDB Privacy Policy
• Proxy Services: ScraperAPI, ZenRows, ScrapingAnt (each has their own privacy policies)

8. Your Rights and Choices

You have the right to:

• Access: Request information about data we hold about you
• Correction: Update or correct your information
• Deletion: Request deletion of your data (subject to legal requirements)
• Withdrawal: Withdraw consent for data processing
• Portability: Request a copy of your data in a portable format

To exercise these rights, contact us through our Contact Page.

9. Data Retention

We retain your data for as long as necessary to provide the Service:

• Account Data: Retained while your account is active
• Pro Subscription Data: Retained for the duration of your subscription and for legal/accounting purposes
• Purchase History: Retained for legal/accounting purposes and customer support. Includes Pro subscriptions and consumable purchases.
• User Rewards (Consumables): Retained permanently as consumables never expire. Includes wishlist slots, Discord access, and boost purchases.
• Discord Connection Data: Retained until you disconnect your Discord account or tokens expire. Expired tokens are automatically removed.
• Price Alert Data: Retained until you delete the alert or disconnect your Discord account
• Contact Form Data: Retained for customer support purposes
• Banned User Data: Retained until the ban is lifted. If you are unbanned, your access is restored immediately.
• Chat Messages: Retained for moderation and legal purposes. Global chat messages are visible to all users. Direct messages are private between participants.
• DM Conversations: Retained until both participants delete the conversation or one participant is banned
• DM Invites: Retained until accepted, declined, or expired
• Chat Reports: Retained for moderation purposes and may be kept for legal compliance
• Admin Actions: Retained for audit and moderation purposes
• Faceit Data: Not stored permanently - fetched on-demand and cached temporarily for performance
• LocalStorage Data: Stored in your browser until you clear it. Wishlist data may be synced to server for cross-device access. Chat cache and DM list are stored locally for faster loading.
• Discord DM Queue: Temporary queue cleared after messages are sent by the bot
• Failed Purchase Records: Retained for admin review and manual fulfillment. May be cleared after successful fulfillment.

You can delete your local data at any time by clearing your browser's localStorage. You can disconnect your Discord account at any time, which will remove all Discord-related data and price trackers. To request deletion of server-stored data, contact us through our Contact Page.

10. Children's Privacy

Our Service is not intended for users under the age of 13. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using the Service, you consent to the transfer of your information to these countries.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us through our Contact Page.

14. GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right to be informed about data collection
• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

To exercise these rights, contact us through our Contact Page.